A ter em atenção:
- Regras de Firewall para Multicast e IGMP
- colocar o MAC ADDRESS do vosso router MEO no interface WAN do ERX
- Na minha configuração:
ETH0 > Porta WAN;
ETH1 > Porta LAN ligada ao router MEO (para disponibilizar linha telefónica). Necessário ter a VLAN 12
ETH2 > Ligação para BOX MEO.
ETH3 e ETH4 > LAN normal, onde tenho os PCs
- Indicar no igmp-proxy o Interface de downstream e upstream.
Alguma dúvida, avisem. E se conseguirem pôr a funcionar, avisem.
Código:
# Firewall section: global options plus two rulesets, WAN_IN and WAN_LOCAL.
# Both rulesets are attached to eth0 vif 12 (the WAN VLAN) further down in
# this listing: WAN_IN as "in", WAN_LOCAL as "local". Rules are evaluated in
# ascending rule number; the first match wins, otherwise default-action applies.

# Global options. all-ping lets the router answer ICMP echo; on the WAN side
# the WAN_LOCAL ruleset below has no rule accepting new ICMP, so such pings
# should still hit the default drop there.
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
# Log packets whose source address is impossible for the receiving interface.
set firewall log-martians enable

# WAN_IN: traffic arriving on the WAN that is forwarded to internal networks.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
# Rule 10: accept UDP to 232.0.0.0/8 in states new/established/related.
# "state new enable" is what admits unsolicited streams, so the destination
# prefix and protocol are the only things limiting this rule.
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow IPTV Multicast UDP'
set firewall name WAN_IN rule 10 destination address 232.0.0.0/8
set firewall name WAN_IN rule 10 log disable
set firewall name WAN_IN rule 10 protocol udp
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state invalid disable
set firewall name WAN_IN rule 10 state new enable
set firewall name WAN_IN rule 10 state related enable
# Rule 20: accept IGMP from the WAN, with no address restriction.
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 description 'Allow IGMP'
set firewall name WAN_IN rule 20 log disable
set firewall name WAN_IN rule 20 protocol igmp
# NOTE(review): the next line names no state and no enable/disable value, so
# it looks truncated in the post and will likely be rejected when pasted.
# Confirm against the running configuration which states were intended.
set firewall name WAN_IN rule 20 state
# Rules 30/40: usual stateful pair (accept replies, drop invalid).
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description 'Allow established/related'
set firewall name WAN_IN rule 30 state established enable
set firewall name WAN_IN rule 30 state related enable
set firewall name WAN_IN rule 40 action drop
set firewall name WAN_IN rule 40 description 'Drop invalid state'
set firewall name WAN_IN rule 40 state invalid enable

# WAN_LOCAL: traffic arriving on the WAN that is addressed to the router itself.
# This default drop is what keeps the GUI and SSH services unreachable from the WAN.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
# Rule 10: same multicast UDP allowance as WAN_IN rule 10.
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow IPTV Multicast UDP'
set firewall name WAN_LOCAL rule 10 destination address 232.0.0.0/8
set firewall name WAN_LOCAL rule 10 log disable
set firewall name WAN_LOCAL rule 10 protocol udp
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state invalid disable
set firewall name WAN_LOCAL rule 10 state new enable
set firewall name WAN_LOCAL rule 10 state related enable
# Rules 20 and 30 ("Teste"/"Teste2") accept every protocol from the WAN to the
# limited broadcast address and to 224.0.0.1, with no source or state match.
# Because they sit before rule 50, they match before the invalid-state drop.
# NOTE(review): these read like leftover test rules. If they turn out to be
# needed, narrow "protocol all" to the protocol actually required (presumably
# IGMP for 224.0.0.1; confirm), give them real descriptions, and enable logging
# while testing. Otherwise remove them.
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description Teste
set firewall name WAN_LOCAL rule 20 destination address 255.255.255.255
set firewall name WAN_LOCAL rule 20 log disable
set firewall name WAN_LOCAL rule 20 protocol all
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description Teste2
set firewall name WAN_LOCAL rule 30 destination address 224.0.0.1
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol all
# Rules 40/50: usual stateful pair (accept replies, drop invalid).
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description 'Allow established/related'
set firewall name WAN_LOCAL rule 40 state established enable
set firewall name WAN_LOCAL rule 40 state related enable
set firewall name WAN_LOCAL rule 50 action drop
set firewall name WAN_LOCAL rule 50 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 50 state invalid enable

# Remaining global options.
set firewall receive-redirects disable
# The router may send ICMP redirects to hosts.
set firewall send-redirects enable
# Reverse-path (source address) validation is switched off.
# NOTE(review): presumably disabled so the IPTV multicast sources are not
# rejected; confirm. "loose" is an intermediate setting worth testing before
# leaving anti-spoofing checks fully off.
set firewall source-validation disable
set firewall syn-cookies enable
# Interface section. Only eth0 vif 12 has firewall rulesets attached; eth1,
# eth2 and switch0 carry none in this listing.
# NOTE(review): with nothing attached to the internal interfaces, nothing
# shown here filters traffic between the IPTV segment, the MEO-router segment
# and the 10.0.0.0/23 LAN, or from those segments to the router's own
# services. Add "in"/"local" rulesets there if the set-top box and ISP router
# should be isolated from the PCs.

# eth0: WAN port towards the ONT. The Internet service runs on VLAN 12 and
# gets its address by DHCP.
set interfaces ethernet eth0 description ONT
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 12 address dhcp
set interfaces ethernet eth0 vif 12 description 'Internet MEO'
set interfaces ethernet eth0 vif 12 firewall in name WAN_IN
set interfaces ethernet eth0 vif 12 firewall local name WAN_LOCAL
# Placeholder: replace with the MAC address of your own MEO router, as the
# introduction to this post instructs.
set interfaces ethernet eth0 vif 12 mac 'XX:XX:XX:XX:XX:XX'

# eth1: port connected to the MEO router (kept for the phone line, per the
# post). The router-facing address lives on VLAN 12 of this port.
set interfaces ethernet eth1 description ROUTER_MEO
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth1 vif 12 address 192.168.11.254/24
set interfaces ethernet eth1 vif 12 description VIF12_ROUTER_MEO
set interfaces ethernet eth1 vif 12 mtu 1500

# eth2: port for the MEO set-top box (IPTV), untagged, 192.168.10.0/24.
set interfaces ethernet eth2 address 192.168.10.254/24
set interfaces ethernet eth2 description IPTV
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto

# eth3 and eth4: ordinary LAN ports, joined into switch0 below.
set interfaces ethernet eth3 description Local
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description Local
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces loopback lo

# switch0: LAN gateway 10.0.1.254 inside 10.0.0.0/23, members eth3 and eth4.
set interfaces switch switch0 address 10.0.1.254/23
set interfaces switch switch0 description Local
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
# IGMP proxy: eth0.12 (WAN VLAN 12) is the upstream interface and eth2 (the
# IPTV port) is a downstream interface.
# NOTE(review): untagged eth0 is also declared downstream here, although the
# post describes eth0 as the WAN port and eth2 as the set-top box port. That
# looks unintended; an interface that should not take part can be given
# "role disabled". Confirm before copying. eth1 and switch0 are not listed at
# all; setting them to "role disabled" explicitly keeps multicast off the PC
# LAN regardless of the proxy's default for unlisted interfaces.
set protocols igmp-proxy interface eth0 role downstream
set protocols igmp-proxy interface eth0 threshold 1
# alt-subnet 0.0.0.0/0 makes the proxy accept multicast sources from any
# address on this interface. NOTE(review): narrow this to the provider's
# source ranges if they are known.
set protocols igmp-proxy interface eth0.12 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.12 role upstream
set protocols igmp-proxy interface eth0.12 threshold 1
set protocols igmp-proxy interface eth2 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth2 role downstream
set protocols igmp-proxy interface eth2 threshold 1
# Services: three DHCP scopes, DNS forwarding, web GUI, source NAT and SSH.

# DHCP server, one shared-network per internal segment.
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
# DHCP_INT_MEO: 192.168.11.0/24, the segment on eth1 vif 12 facing the MEO
# router. The ERX is both gateway and DNS server.
set service dhcp-server shared-network-name DHCP_INT_MEO authoritative disable
set service dhcp-server shared-network-name DHCP_INT_MEO subnet 192.168.11.0/24 default-router 192.168.11.254
set service dhcp-server shared-network-name DHCP_INT_MEO subnet 192.168.11.0/24 dns-server 192.168.11.254
set service dhcp-server shared-network-name DHCP_INT_MEO subnet 192.168.11.0/24 lease 86400
set service dhcp-server shared-network-name DHCP_INT_MEO subnet 192.168.11.0/24 start 192.168.11.1 stop 192.168.11.100
# REDE_MEO: 192.168.10.0/24, the IPTV segment on eth2. Clients are handed two
# external resolvers directly (presumably the provider's; confirm) rather than
# the ERX forwarder.
set service dhcp-server shared-network-name REDE_MEO authoritative disable
set service dhcp-server shared-network-name REDE_MEO subnet 192.168.10.0/24 default-router 192.168.10.254
set service dhcp-server shared-network-name REDE_MEO subnet 192.168.10.0/24 dns-server 212.55.154.174
set service dhcp-server shared-network-name REDE_MEO subnet 192.168.10.0/24 dns-server 212.55.154.190
set service dhcp-server shared-network-name REDE_MEO subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name REDE_MEO subnet 192.168.10.0/24 start 192.168.10.50 stop 192.168.10.200
# LAN2: 10.0.0.0/23, the PC LAN behind switch0.
set service dhcp-server shared-network-name LAN2 authoritative enable
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/23 default-router 10.0.1.254
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/23 dns-server 10.0.1.254
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/23 lease 86400
set service dhcp-server shared-network-name LAN2 subnet 10.0.0.0/23 start 10.0.0.1 stop 10.0.1.220
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable

# DNS forwarder listens only on internal interfaces, not on the WAN (eth0.12).
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service dns forwarding listen-on switch0
set service dns forwarding listen-on eth1.12

# Web GUI and SSH: no listen address is set for either, so they are not bound
# to one interface in this listing. From the WAN they are blocked by the
# WAN_LOCAL default drop. NOTE(review): no "local" ruleset is attached to the
# IPTV and MEO-router segments, so devices there can presumably reach both
# services; restrict management to the PC LAN if that is not wanted.
set service gui http-port 80
set service gui https-port 443
# NOTE(review): this enables legacy cipher suites for the web GUI. Set it to
# "disable" unless an old browser or tool genuinely needs them.
set service gui older-ciphers enable

# Source NAT: masquerade everything leaving through the WAN VLAN.
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0.12
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
# System section: host name and NTP servers.
# NOTE(review): no "system login" lines appear in this listing, presumably
# left out of the post on purpose. When reusing this configuration, make sure
# the factory-default login has been changed.
set system host-name ubnt
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org